Vulnerabilities > IBM

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-03-02 | CVE-2018-1373 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | network | low complexity | ibm | CWE-307 | critical 9.8 |
| 2018-03-02 | CVE-2017-1787 | Use of Hard-coded Credentials vulnerability in IBM Rational Publishing Engine 2.1.2/6.0.5 | IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. | local | low complexity | ibm | CWE-798 | 6.7 |
| 2018-03-02 | CVE-2017-1654 | Information Exposure vulnerability in IBM General Parallel File System and Spectrum Scale | IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. | local | low complexity | ibm | CWE-200 | 3.3 |
| 2018-02-28 | CVE-2016-0299 | Information Exposure vulnerability in IBM Tririga Application Platform | IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to obtain sensitive information via vectors involving a database query. | network | low complexity | ibm | CWE-200 | 5.3 |
| 2018-02-28 | CVE-2016-0295 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform | Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | network | low complexity | ibm | CWE-352 | 8.8 |
| 2018-02-28 | CVE-2016-0291 | OS Command Injection vulnerability in IBM Bigfix Platform | IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. | network | low complexity | ibm | CWE-78 | 8.8 |
| 2018-02-27 | CVE-2018-1425 | Inadequate Encryption Strength vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | high complexity | ibm | CWE-326 | 5.9 |
| 2018-02-27 | CVE-2018-1416 | Cross-site Scripting vulnerability in IBM Websphere Portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 6.1 |
| 2018-02-27 | CVE-2018-1399 | Cross-site Scripting vulnerability in IBM Daeja Viewone | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2018-02-27 | CVE-2018-1372 | Weak Password Requirements vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | network | low complexity | ibm | CWE-521 | critical 9.8 |